KR100350286B1 - Signal Processing Device and Method - Google Patents

Abstract

Access control systems for signal processing applications include integrated circuit (IC) cards, or "smart" cards 180, which provide safety control and data descrambling functions. The safety control processor 183 in the smart card 180 IC performs functions such as name management and key generation. The smart card 180 IC also includes a descrambler 185 that processes data such as video data at high data rates. The mechanical characteristics of smart cards meet ISO standard 7816-1. In addition, the interface to the smart card is via eight terminals 187 arranged on the surface of the card according to ISO standard 7816-2. The eight terminal interface 187 provides high speed data I / O (input and output) and ISO standard serial data I / O required for data descrambling.

Description

Signal Processing Device and Method

The present invention relates to an access control system (or signal processing apparatus and method) comprising an integrated circuit (IC) card or "smart" card for restricting access to information in the field of signal processing.

Systems such as paid IV systems include an access control subsystem that restricts access to any program or channel. Only authorized (eg, paid) users can watch the program. One access restriction method is to modify the signal by, for example, scrambling or encrypting the signal. In general, scrambling relates to modifying the shape of a signal using a method such as eliminating sync pulses. Encryption relates to changing the data components contained in a signal in accordance with certain cryptographic algorithms. Only those individuals entitled to access are provided with the "key" needed to descramble or decode the signal. The terms scrambling and descrambling used hereinafter are typically used to encompass access control techniques including cryptography and scrambling.

The access control system may comprise the form of an integrated circuit (IC) card, ie a "smart" card. A smart card is a credit card sized plastic card with a signal processing IC mounted in plastic. The smart card is inserted into a card reader that couples signals with ICs in the card. The International Organization for Standardization (ISO) standard 7816 sets design guidelines for IC card interfaces. In particular, ISO standard 7816-2 specifies that the electrical interface of the card is to be formed through eight contacts disposed on the card surface as shown in FIG. 2A. Six of the eight signals at that contact point are VCC (power supply voltage), RST (reset signal), CLK (clock signal), GND (ground), VPP (programming voltage for programming memory in the card IC) and I / It is defined as O (serial data input / output). The two contacts are spare contacts for future use. The signal assignment of the smart card contact is shown in FIG.

The IC in the smart card processes data such as security control information such as part of the access control protocol. The IC includes a control microcomputer, such as the 6805 processor manufactured by Motorola Semiconductor, Inc., Austin, Texas, which includes ROM, EEPROM and RAM memory. The processor implements various security control functions including rights management and generating keys for descrambling the scrambled data component of the signal. Rights management involves changing card embedding information that specifies the cardholder's rights (i.e., programs and services that the user is permitted to access). The processor adds and deletes rights according to rights information in the rights management message (EMM) included in the input signal. EMM data generally represents a right to a particular service (eg, all programming on a particular channel) or a right to a particular program (eg, a movie on a particular channel) provided by the service. Since EMM is about a relatively long term right, EMM generally occurs rarely in a signal. Once rights to a service or program are granted, descrambling of the service or program can only occur after the descrambling key is generated. The key is generated in accordance with the rights control message (ECM) also included in the input signal. The ECM provides initialization data for key generation routines executed by the processor. Each time the service provider changes the scrambling key, the ECM data is included in the signal to allow the system entitled to access to generate a corresponding new descrambling key. In order to prevent unauthorized access to the scrambled signal, the key is often changed, eg every two seconds. Thus, ECM data often occurs in the signal.

EMM data and ECM data are sent to the smart card and processed through the serial I / O terminal of the ISO standard 7816 interface. The serial I / O terminal is also used to transfer the generated key from the smart card to the descrambler unit in the video signal processing channel. The descrambler uses the key to descramble the data components of the input signal, such as video data and audio data, to produce a descrambled output signal or " plaintext " output signal. Descrambling includes performing the scrambling process in reverse, such as reinserting a sync pulse or decrypting the data using the inverse of the encryption algorithm. The descramble signal is further processed by the signal processing channel to generate video and audio signals suitable for coupling to output devices such as kinescopes and loudspeakers, respectively.

Including the descrambling function in the video signal processing channel, adding disc descrambling hardware to the system. The hardware may be included in a home appliance (CE) device such as a television receiver, or may be included in a stand-alone (stand-alone) decoder unit such as a cable box. If the descrambling hardware is included in a CE device or standalone decoder unit, the device is dedicated to a particular access control system. For example, the hardware may be adapted to descramble only certain types of scrambling algorithms. If a service provider wants to change to another access control system, for example due to security issues, the DFL replacing descrambled hardware can perform expensive and complex tasks of modifying the CE device, replacing the decoder unit, or both. in need.

In addition, sending the descrambling key generated by the smart card to a descrambler outside the smart card has the potential for a "hacker" to intrude into the security system. Because the security control IC is embedded in a smart card, a hacker cannot directly access the IC as part of an attempt to "hack" the security algorithm, that is, destroy the security algorithm. If you try to thin a smart card to access the IC, the IC will be destroyed. However, the transfer of keys to the descrambler via the card interface increases the likelihood that hackers will monitor key transfer protocols, intercept keys, and compromise access control systems.

The present invention provides a solution in view of the above problem. According to one embodiment of the invention, a signal processing apparatus includes an integrated circuit (IC) having a signal processing channel for processing an input signal having a control information component and a scrambled data component, and an IC for providing both key generation and descrambling functions. ) Includes cards.

According to another embodiment of the present invention, the IC and signal processing channel in the IC card include a descrambling function. One or both of the descrambling functions may be used to descramble the scrambled data signal component.

According to another embodiment of the invention, the IC card exhibits mechanical properties in accordance with ISO standard 7816-1 and includes terminals mounted on the card surface in accordance with ISO standard 7816-3, in accordance with ISO standard 7816-2. It provides a serial data interface and a high speed data interface.

According to another embodiment of the present invention, a plurality of integrated circuit cards are connected in series to form a signal processing channel in the signal processing apparatus. The output signal from one integrated circuit is delivered to at least one other integrated circuit card. The final card connected in series provides the output signal of the signal processing channel.

According to yet another embodiment of the invention, a television receiver comprises a signal processing device comprising an integrated circuit reader for coupling a plurality of integrated circuit cards connected in series to a signal processing channel in a television receiver.

The invention will be better understood with reference to the accompanying drawings.

One example of a smart card access control system incorporating the present invention is described with reference to an exemplary video signal processing system shown in the block diagram of FIG. The system shown in FIG. 1 includes signal processing functions that can be found in various signal processing systems. A specific example is the DSS ^™ direct broadcast satellite television system developed by Thomson Consumer Electronics.

In the case of a pay TV service associated with a smart card type access control system, a user who wants to purchase a service contact with a service provider pays a service access fee and receives a smart card. The card is issued to the user with initiation right information stored in the card's EEPROM. The entitlement information may include user identification data and scoping data of the starting access rights (eg, the period and / or the specific program for which the user paid for the fee). In addition, application specific key generation software is stored in the card memory.

The rights information stored on the card can be identified by the remote service provider using a rights management message (EMM) and a rights control message (ECM) inserted in part of the signal. The EMM includes information display subscriptions (long-term access) for which the user has paid a fee, and a fee payment method (single program access) service according to the number of viewers. The EMM can be connected to a specific smart card because the EMM data This is because the identification information corresponding to the identification information stored in the specific smart card is included in the network. The ECM contains data such as initialization data required to generate the descrambling key. Thus, a particular program signal includes both scrambled data components including video data and audio data and control information components including EMM and ECM.

When the user wants to access the pay TV service, the smart card 180 of FIG. 1 is inserted into the card reader 190. The card reader 190 combines signals between the signal processing channel containing units 100 to 170 of FIG. 1 and the smart card 180. In particular, the card reader 190 is connected to eight terminals arranged on the surface of the smart card 180 defined in ISO standard 7816-2 (see FIG. 2). When a connection is made by the card reader 190, an interface 187 is created between the smart card 180 and the signal processing channel. According to one example of the invention described further below, the eight signals in interface 187 are signal 184, a high speed data input / output (I / O) port and signal 184 for smart card 180, and an ISO standard IC card. It includes a subset of interface signals.

The desired program or service is selected by tuning the receiver to the appropriate channel using tuner 100. The tuner 100 is controlled by the microcontroller 160 in accordance with a user input. For example, microcontroller 160 receives a channel selection signal from a remote control (not shown in FIG. 1) operated by a user. In response to the channel selection signal, the microcontroller 160 generates a control signal that causes the tuner 100 to tune to the selection channel.

The output of tuner 100 is coupled to forward error corrector (FEC) 110. The FEC 110 detects an error by monitoring error control information such as a parity bit in the tuning signal, and corrects the error according to an error control protocol. The microcontroller 160 is coupled to the FEC 110 to monitor for error occurrences in the signal and to control error processing. In addition, the FEC 110 performs an analog-to-digital conversion (ADC) function to convert the analog output of the tuner 100 into a digital signal at the output of the FEC 110.

The transmission unit 120 processes the signal from the FEC 110 to detect and isolate various data in the tuning signal. The data in the signal can be arranged in various fromat. 3 illustrates an exemplary data format provided as a basis for the description below. The signal shown in FIG. 3 comprises a data stream, ie 'packetized' data, organized within a packet of data bytes. Each packet is associated with a particular type of information, or substream, in the data stream of the tuning channel. For example, the signal includes a packet of program guide information, control information (eg, ECM or EMM), video information, and audio information. The substream associated with a particular packet is determined by the data contained in the header portion of each packet. The payload portion of each packet contains packet data. The exemplary data format shown in FIG. 3 includes two bytes (16 bits) of data in the header and 186 bytes of data in the payload.

The first 12 bits of the header in each packet are program identification (PID) data bits. The PID data identifies the data substream with which the payload data is associated. An example of the information provided by the PID data is as follows.

Table 1

Different PID values identify video data and audio data for different channels.

As part of the tuning process, the microcontroller 160 refers to the PID "map" stored in the microcontroller's memory to determine the PID value associated with the tuning channel. The appropriate PID value is loaded into the PID register of the transfer unit 120. For example, when channel 101 is selected, microcontroller 160 accesses the stored PID map, determines the video data and audio data of channel 101 with PID values of 10 and 11, respectively, and that value. 10 and 11 are loaded into each video PID register and audio PID register of the transmission unit 120. The PID data in the incoming packet is compared with the PID value stored in the PID register to determine the contents of the payload of each packet. The microcontroller 160 may update the PID map data according to the PID-to-channel correspondence information in the "program guide" packet (PID value is 1).

The last four bits of the header of each packet further define the payload content as follows.

TABLE 2

For example, the ECM flag being activated (active) in logic 1 indicates that the payload contains ECM data, such as initialization data for key generation. Enabling the ENC flag indicates that the payload is encrypted and therefore must be descrambled. The key flag determines whether one of the two keys, ie, key A or key B, should be used to descramble the payload (e.g., logic 0 indicates key A, logic 1 indicates key B). The use of the key flag is described later with reference to FIG.

The transmitting unit 120 in FIG. 1 extracts and processes the header data in accordance with the packet clock signal shown in FIG. 3. The packet clock signal is generated by the FEC 110 and synchronized with the data stream. Each transition of the packet clock signal marks the beginning of a packet. The transmitting unit 120 processes the 16-bit header data following each packet clock signal transition to determine the destination for the packet payload. For example, the transmission unit 120 transmits the payload including the EMM (the PID value is 4) and the ECM to the security controller 183 in the smart card 180 through the microcontroller 160. Video data and audio data are sent to the demultiplexer / descrambler 130 to descramble and demultiplex the video and audio signals. Program guide data (PID value is 1) is sent to the microcontroller 160 to update the PID name.

The security controller 183 processes the EMM and ECM data to provide access control functions including rights management and key generation. The security controller 183 includes a microprocessor, such as a 6805 processor included in the integrated circuit (IC) 181 and manufactured by Motorola. Right management includes processing the EMM data to determine how and when to update rights information stored in IC 181, ie, adding or subtracting rights. The ECM data provides an initial value that the security controller 183 needs to generate a descrambling key. After the key is generated by the security controller 183, the key is descrambler 130 through which the scrambled data components of the input signal, such as video program data and audio program data, are descrambled via the microcontroller 160. Is sent). According to the principles of the present invention, which will be described further below, the descrambling function is also provided by the descrambler 185 included in the IC 81.

Descrambled video data and audio data are decompressed in video decompressor 140 and audio decompressor 145, respectively. Program data is compressed at the program source using any one of a variety of known data compression algorithms. Decompressors 140 and 145 perform the compression algorithms in reverse.

The outputs of the video decompressor and audio decompressor 140, 145 are coupled to the video signal processor and the audio signal processor 150, 155, respectively. The audio signal processor 155 may be a processor 155 that may couple the digital output signal from the decompressor 145 to the loudspeaker (not shown in FIG. 1), including functions such as stereo signal generation and digital / analog conversion. Can be converted to the analog audio output signal AOUT. In addition, the video signal processor 150 may convert the digital output of the decompressor 140 into an analog video output signal (VOVT) suitable for screen display on a display device such as a kinescope, including a digital / analog conversion function. . The video processor 150 also provides the signal switching necessary to include an on screen display (OSD) signal of the output signal (VOUT) generated by the OSD processor 170. The OSD signal indicates, for example, graphical information such as a channel number display that can be included in the display image. The video switch in video processor 150 multiplexes the OSD signal into the output signal VOUT needed to produce the desired display. The operation of the OSD processor 170 is controlled by the microcontroller 160.

Returning to the access control features of the system shown in FIG. 1, the features and functions of the smart card 180 will be better understood with reference to the block diagram of the smart card IC 181 shown in FIG. The same reference numerals in FIG. 4 as shown in FIG. 1 indicate the same or similar features. In FIG. 4, an integrated circuit (IC) 181 includes a central processing unit (CPU) 421, a RAM 426, a ROM 425, an EEPROM 423, and a serial I / O unit 424. The security controller 183 is included. The CPU 421 is a processor such as 6805 manufactured by Motorola. Key generation and rights management software is stored in ROM 425 and EEPROM 523.

In addition, the data specifying the current right is stored in the EEPROM 423 and modified according to the information in the rights management message EMM of the received signal. When the EMM packet is detected by the transport processor 120 of FIG. 1 (packet PID value is 4), the microcontroller 160 of FIG. 1 secures the packet payload through the serial I / O unit 424. And transmits to 183. The CPU 421 transfers the payload EMM data to the RAM 426. The CPU 421 processes the EMM data and accordingly transforms the rights data stored in the EEPROM 423.

Packet payloads, including rights control messages (ECMs) (as indicated by the ECM flag of active packet headers) are secured from transport unit 120 via microcontroller 160 and serial I / O unit 424. Sent to the controller 183. Any form of packet, such as an EMM, video or audio, may include an ECM. ECM data is used to generate descrambling keys for certain types of data. For example, ECM data in an EMM packet is used to generate an EMM descrambling key. When sent to the security controller 183, the ECM data is stored in the RAM 426 until processed by the CPU 421. Key generation software stored in the EEPROM 423 and the ROM 425 is executed by the CPU 421 using the ECM data in the RAM 426 to generate a specific key. ECM data provides information such as initial values required by the key generation algorithm. The resulting key is stored in the RAM 426 until it is transmitted to the descrambler 130 by the CPU 421 via the serial I / O unit 324 and the microcontroller 160.

EMM and ECM data may be encrypted as indicated by the encryption flag (ENC) in the active packet header. The encrypted data is transmitted from the transmitting unit 120 to the descrambler 130 and descrambled before being sent to the security controller 183 for processing of rights management or processing of key generation.

The features and operation of the IC 181 described so far are common in known smart card systems. However, as described above, using a descrambling unit external to a smart card, such as descrambler 130, substantially degrades system security and changes the descrambling hardware to undesirable. The device shown in FIGS. 1 and 4 has a distinctly improved security compared to known smart card systems. In particular, the IC 181 of the smart card 180 includes a descrambler unit 185 and a high speed data rate synchronization interface 184 having respective serial data in lines and serial data out lines. By the combination of the descrambler 185 and the interface 184, all access control processing can be done in the smart card.

In FIG. 1, the card reader 190 receives the ISO standard interface signal 165 from the microcontroller 160 and the transmission unit 120 via portions of the smart card interface 187, labeled 182 and 184, respectively. The high speed interface signal 125 is coupled to the smart card 180. 4 illustrates signals included in interface 187. The ISO standard signal 182 includes power supply, ground, reset, and serial I / O in FIG. 4 (corresponding to VCC, GND, RST, and I / O in FIG. 2B). The high speed interface signal 184 includes a high speed data in signal, a high speed data out signal, a packet clock signal, and a high frequency (eg, 50 MHz) clock signal. The ISO standard signal VPP (programming voltage) is replaced by a packet clock signal tolerant interface 187 including both a high speed interface and a low speed interface to be performed using the 8 standard ISO standard configuration shown in FIG. 2A.

The erase signal VPP does not interfere with the system shown in FIG. 1 from the operation of a current ISO standard smart card that does not include a descrambler 185 and a high speed data interface 184. Current smart cards typically include EEPROM circuits that do not require a separate programming voltage. The structure of the "charge pump" type generates the necessary programming voltage from the card supply voltage when programming is required. Thus, the WP signal defined by the ISO standard is a "unused" terminal for most current ISO standard smart cards. In the case of using a system with a current smart card, it is necessary to modify the operation of the system so as not to use the high speed interface 184 and the descrambler 185. The necessary modification can be achieved only by changing the control software for the controller 160.

The descrambler 185 operates at a high data rate in accordance with the high frequency clock signal when the security controller 183 requests a low frequency clock signal. Divider 422 in IC 181 divides the 50 MHz clock signal to produce a low frequency clock signal suitable for security controller 183. Thus, a single high frequency clock signal is used instead of a timing signal that controls the operation of security controller 183 and descrambler 185. The divider 422 eliminates the need to dedicate two of the eight smart card interface signals into a high frequency clock signal and a low frequency clock signal.

The descrambler 185 includes a transmit decode unit 472, a PID & ECM filter unit 474, and an EMM address filter unit 476 to provide functions similar to those described above in the transfer unit 120 of FIG. 1. do. The high speed data in signal and the data out signal of the interface 187 combine the high speed data stream of the input signal between the transmission unit 120 and the descrambler 185. By embedding the function of the transfer unit 120 in the smart card 180, the smart card 180 can process data packets coming in at a high data rate of the input signal. The data in signal and the packet glock signal are coupled to unit 472.

In accordance with each transition of the packet clock signal, unit 472 processes 16 bits of header data. The first 12 bits of the header is program identification (PID) data sent to the PID & ECM filter unit 474. The unit 474 compares the PID data of the packet with the PID value stored in the unit 474 as each type of packet included in the tuning channel. Similar to the above-described operation of the transmitting unit 120 (see Table 1 and related description above), the PID comparison within the unit 474 may be based on a payload that includes, for example, program guidance, EMM, video, or audio. Determine if the data is in form. The PID value identifying the packet type in the current tune signal is stored in a register in unit 474. The register is loaded as part of the above tuning process for the system of FIG. In particular, the microprocessor 160 accesses the stored PID "map" as described above, and transmits the PID value associated with the current tuning channel via the signal 182 and security controller 183 of the smart card 180 to the unit ( Transfer to the register at 474). The function of the descrambler 185, such as unit 474, and the data transfer between the security controller 183 occurs via a data bus inside the IC 181, not shown in FIG.

How payload data is processed by the smart card 180 is determined by the result of the PID comparison in unit 474 and by the contents of bits 13 through 16 of the packet header extracted by unit 472. . Using the above example for channel 101 (see Table 1), the PID data is stored in the program guide data (PID = 1), which is processed by the microcontroller 160 to update the PID map, and the security controller 183 grants rights. EMM data (PID = 4), video data (PID = 10) and audio data (PID = 11) which are processed to change are identified. Bits 13 to 16 of the header control security related operations (see Table 2 and related description above) of the smart card. If bit 13 (ECM flag) is active, the payload contains ECM data that requires key generation processing by security controller 183. If bit 15 (ENC flag) is active, the payload is encrypted and descrambled in descrambling unit 478 in descrambler 185. Bit 16 determines whether the key used in unit 478 to descramble is key A or key B.

The encryption status bit (ENC) determines how the payload data will be processed by the descrambling unit 478. The unencrypted payload data passes through the descrambling unit 478 unchanged from the high speed data in terminal to the high speed data out terminal of the smart card 180. Encrypted data is descrambled by the unit 478 at a data rate (speed). The descrambled video data and audio data are passed to the high speed data out terminal of the smart card 180. In each descrambled audio or video packet, the ENC bit in the packet header is set to a logical zero indicating that the packet is "clear", ie, descrambled. To prevent unauthorized users from accessing rights or key related data, the descrambled EMM data or ECM data cannot be passed out of the smart card 180 through the high speed data out terminal. Instead, the first scrambled EMM data or ECM data with the ENC bit set to logic 1 is passed to the smart card 180 from the high speed data in terminal to the high speed data out terminal. The descrambled EMM data and ECM data in the descrambling unit 478 are temporarily stored in the RAM 426 of the security controller 183 until processed by the security controller 183 for rights management and key generation. The transmitting unit 120 of FIG. 1 receives data (unchanged or descrambled) from the high speed data out terminal of the smart card 180. The PID value of each packet is checked and the payload is sent to the appropriate functional unit of FIG. 1 for further processing (eg, microcontroller 160 or decompressor 140, 145).

The operation of the smart card 180 is controlled by commands from the microcontroller 160 of FIG. 1 in communication with the smart card 180 via an ISO standard serial interface. In fact, microcontroller 160 is the main processor and security controller 183 is the subprocessor. For example, the micro coat roller 160 transmits PID information to the smart card 180 and instructs the card to descramble the data of the corresponding data stream. Security controller 183 responds by checking the rights and configuring smart card 180 for proper form of data processing such as rights processing, key generation or descrambling. In addition, the microcontroller 160 requires status information such as whether descrambling is in progress. The commands are communicated to the security controller 183 in the smart card 180 via the serial I / O terminal. Any response required by the command is returned to the microcontroller 160 via the serial I / O terminal. Thus, serial I / O signals are used in place of control signals between the system and the smart card 180 when the high speed data interface provides high speed input data signals and output data signals between the card and the system.

Serial communication between the microcontroller 160 and the smart card 180 occurs according to the protocol of ISO standard 7816-3. The smart card notifies the system of the particular protocol to be used by sending a protocol type number T to the system. In particular, when the card is inserted into the card reader, the card reader resets the card by applying power to the card and activating a reset signal. The card responds to a reset signal with a "response to reset" data sequence as defined in ISO standard 7816-3 §6. The response to the reset includes the interface byte TDi. The four lowest of the byte TDi define the protocol type number T (see §6.1.4.3 of ISO standard 7816-3).

The protocol type for the system shown in FIG. 1 is type T = 5. Type 5 protocols are classified as "preliminary" in the ISO standard, ie not currently defined. For the system of Figure 1, protocol type 5 is equivalent to protocol type O (asynchronous half-duplex protocol as defined in ISO 7816-3 §8), except that the baud rate (rate) for serial I / O is determined. The same is true for card interfaces where serial I / O occurs at a rate (rate) determined according to Table 6 of ISO standard 7816-3. The baud rate calculation is based on the rate at which the security controller 183 is clocked. For current smart cards, the clock frequency for security controller 183 is equal to the clock frequency f _s at the clock pin of the card. As shown in FIG. 4, the smart card 180 divides the rate of the high speed input clock Fin by a factor N (ie, Fin / n) to set the clock rate for the security controller 183. 422. Thus, for the Type 5 protocol, Table 6 of ISO Standard 7816-3 is modified by defining f _s = Fin / N.

As in the case of the Type O protocol, all instructions for the Type 5 protocol are initiated by the microcontroller 160. The instruction is a one byte instruction class designation (CLA), one byte instruction (INS), two byte parameters (P1, P2) such as address, and one byte number (P3) that is part of the instruction and defines the number of data bytes following the header. Starts with a 5-byte header containing In the case of the system of FIG. 1, the parameters P1 and P2 are unnecessary, so these bytes are " don't cares ". Thus, the command has the form

CLA INS │-│-│ P3 │ Data (P3 byte)

The command recognized by the smart card 180 includes a status command and a PID transfer command. The smart card 180 responds to a status command from the microcontroller 160 by providing a processing status of the card, such as whether the card has finished generating keys or the card is descrambling data. Using the PID transfer command, microcontroller 160 transmits the PID number associated with the tuning channel. Other commands are also possible, such as commands for sending EMM data and ECM data, key related commands, and "purchase order" commands, which will be described below.

The operation of the smart card 180, in particular the descrambler 185, is described in more detail with reference to FIGS. 5 to 8. When the new channel is tuned, microcontroller 160 sends the PID value for the new channel from the PID map to the smart card (ISO) as shown in FIG. The PID data transfer is generated using a PID transfer instruction containing a PID value of N, where N is specified in byte P3 of the instruction header. The command and PID values are communicated to the card via the serial data terminals of the smart card 180 and the serial I / O unit 424. The CPU 421 receives the PID data and sends it to the appropriate PID register of the register 474 in the descrambler 185.

Before the signal is descrambled, the user must be given the right to access and a correction key must be loaded into the descrambler. After sending the PID data to the cap 180, the security controller 183 compares the PID value with the rights data stored in the EEPROM 423 to verify that the user has been granted the right to access the tuning channel. If the user is granted the right, the next step is to generate the key. Key generation includes processing ECM data. Thus, the ECM must be received and processed to generate a key before audio data and video data are descrambled. Encrypted to reduce the likelihood of generating keys without ECM data privileges. The card is issued with a key for descrambling the ECM stored in the card in the EEPROM 423. As shown in FIG. 6, the ECM key is transferred by the CPU 421 from the EEPROM 423 to the ECM key register in the descrambling unit 478.

If the user is not granted the right to access the tuning channel, the right must be received before key generation and descramble can be generated. The user can acquire rights in at least two ways. Firstly, rights can be received via EMM. When the card is issued, an "address" that identifies the particular smart card is stored in the card's EMM address unit 476. By including address information in the EMM, the service provider can send the EMM to a particular card. The smart card compares the address information in the EMM with the card address stored in the unit 476 to detect the EMM information sent to the card. If the user is not authorized, the security controller 183 configures the card to process the EMM as shown in FIG. 6 when EMM data is received.

As in the case of the ECM key, the card is issued with the EMM key stored on the card in the EEPROM 423. In FIG. 6, the EMM key is sent by the CPU 421 from the EEPROM 423 to an EMM key register in the descrambling unit 478. The scrambled EMM data from the transmitting unit 120 of FIG. 1 is input to the card through the high speed data in port. After checking the EMM address in unit 476, the EMM data that fits the hard is encrypted in descrambling unit 478. The decrypted EMM data is temporarily stored in the RAM 426 and processed by the CPU 421 to update the right data stored in the EEPROM 423.

In addition, the user can acquire rights through "impulse" purchases. When the user tunes to a particular channel and the security controller 183 determines that the user has no right to access, the smart card 180 creates a "Purchase Order" menu that is displayed on the video display device. The menu provides the user with an opportunity to select various options, such as purchase access to programming on the tuning channel. When the user selects purchase access, the rights in the smart card are updated, and subsequent channel access is enabled by key generation and descrambling described below. The purchase information is communicated to the service provider via a "reportback" function. The service provider then bills the user for the rights purchase cost. The same sequence of operations occurs when the user decides to purchase the right to watch the pay-per-view (PPV) programming being advertised through the advertising channel. The system detects the user's selection for a particular PPV program, the smart card renews the rights, and sends the purchase information to the service provider through a reply function.

Features of the purchase order menu are described in more detail below. If the security controller 183 determines that the user is not granted the right to access the tuning channel and the tuning channel supports the purchase order function, the CPU 421 sets a flag in the status register to set the purchase order menu. Indicates that the screen is open. The controller 160 periodically sends a command to the smart card 180 requesting status information, and the smart card 180 responds to the contents of the status register. Thus, the controller 160 detects the purchase order menu pending flag and sends an arbitrary command to the smart card 180 requesting the menu information.

The smart card 180 responds with data that may be included in a menu, such as a purchase option. The controller 160 transmits the information on the On Screen Display Unit (OSD) 170 of FIG. 1 in which a menu display signal is generated. The user's selection, eg, "purchase" or "non-purchase", is entered through the remote control device and received by the controller 160. The response is sent to the smart card 180 via a command from the controller 160. Once access is purchased, the rights in the smart card 180 are updated.

The purchase information is sent to the service provider in a reply message so that the user can be charged for the service. The reply message may be sent to the service provider through the user's telephone line and the modem built into the system. The microcontroller 160 may manage a schedule so that the telephone line may return when the telephone line is not busy (eg, midnight). If a purchase occurs, the status register in smart card 180 is updated to set a flag indicating that the reply message is pending. A subsequent status command from controller 160 detects the reply message pending flag. When a reply occurs, the controller 160 sends a command to the smart card 180 requesting the content of the reply message. In addition to the purchase data, the reply message may include information such as a telephone number dialed by the modem to establish a reply channel to the service provider. After receiving the reply message content from the smart card 180, the controller 160 establishes a connection with the service provider through, for example, a modem, and transmits the message content to the service provider.

After the PID value is loaded, the right is present, and the ECM key is located in the descrambler 185, the card is prepared to descramble the ECM data and generate audio and video keys. In FIG. 7, ECM data in the signal is received by the smart card 180 via the high speed data in terminal and detected by the transmitting decode unit 472. The ECM data is sent to the descrambler 478 where the previously loaded ECM key is used to decrypt the ECM data. When decrypted ECM data becomes available, the CPU 421 uses the decrypted ECM data in the RAM 424 to store the keys stored in the EEPROM 423 and ROM 425 to generate video and audio keys. Run the generation algorithm. The generated key is sent to the appropriate video and audio key register in descrambler 478.

As shown in FIG. 7, the descrambler 478 includes two key registers for video, namely video keys A and B and two key registers for audio, namely audio keys A and B. Which of the keys A or B is used to descramble a particular packet is determined by the key flag bits in the packet header (see Table 2 above). A "multiple key" is used to cause the current key to be generated when used to descramble data. Processing ECM data in security controller 183 and sending a new key to a key register in descrambler 478 to generate a new key requires an indication number of the instruction cycle of CPU 421. If stopped during the creation and transmission of the processing delay, the processing delay will require someone watching the program to see the scrambled image until a new key is placed in the descrambler 478. Having key registers A and B causes data to be decrypted using a key in one key register such as key register A, while a new key is generated and loaded into a second key register such as key register B. After initiating key generation by ECM data transmission, the service provider waits long enough for key B to be generated in descrambler 478 before encrypting the packet using key B. The key flag notifies the descrambler 185 when to start using the new key.

After the operations of FIGS. 5, 6 and 7, the descrambler 478 is initialized with all the key information required to process the encrypted data in the tuning channel, including the EMM, ECM video and audio data. 8 shows the flow of a signal for processing data. The encrypted data is input to the smart card 180 through the high speed serial data input terminal. The data is decrypted in the descrambler 478 using the previously loaded key. For example, if the transmitting unit 472 determines payload data, which is video data associated with the video key A, from the header of the input packet, the packet payload is decrypted using the video key A. The decrypted data is immediately output from the smart card 180 via the high speed serial data output terminal. 8 shows that the data descrambler 478 does not require interaction between the descrambling unit 185 and the security control unit 183, which causes the data descrambler 478 to process the data of the input signal at a high data rate (rate). Pay attention.

Key generation in the security controller 183 coupled to the descrambling feature of the descrambling unit 478 is encrypted using a variety of algorithms, including the Data Encryption Standard (DES) algorithm and the Rivest-Shamir-Adlemann (RSA) algorithm. It provides a possibility for termination to the smart card 180 to process the signal. By providing all access control related processing to the smart card 180, security related data such as key data should not be transmitted outside of the smart card 180. As a result, security is clearly improved compared to systems that use a descrambler outside the smart card.

Although there is an advantage to using the descrambler 185 inside the smart card 180, an external descrambler such as the descrambler 130 of FIG. 1 may also be used. The external descrambler may be desirable for compatibility of the smart card with current pay TV systems that generate keys in the smart card and transmit the keys to the descrambler 130. Alternatively, it may be desirable to use both descrambler 185 and descrambler 130. For example, security can be improved by encrypting the signal twice using two different keys. The twice encrypted signal is decoded once in the descrambler 185 using the system shown in FIG. 1, i.e. using the first key, and the data partially decoded in the descrambler 130. Can be decrypted by decrypting the signal twice in the descrambler 130 using the second key. The second key may be generated in the smart card 180 and transmitted to the descrambler 130.

In applications involving descrambler 130 (ie, where key data is transmitted out of smart card 180), commands are keyed between controller 160 and smart card 180 via a serial I / O interface. Provided for transferring data. For example, the microcontroller 160 sends ECM data to the card in one command and requests the key generation status using the status command. When status data indicates that key generation has ended, another command requests key data and the card responds by sending the key data to controller 160. Subsequently, the key is sent to the descrambler 130.

The present invention also provides an advantage with regard to security management. For example, access control software and hardware can be changed inexpensively and easily by sending new smart cards to all authorized users. In conventional systems, changes in access control hardware dedicated to a particular algorithm require expensive and time-consuming work to replace all decoder units, including descrambler hardware. The present invention allows a service provider and receiver manufacturer to initially provide a generic card reader and signal processor. All field-specific access control possibilities are provided by smart cards.

The invention may also be used in access control operations involving cryptography, such as in the "head-end" (ie, signal source) art. By including the appropriate cryptographic algorithm software in the EEPROM and ROM of the security controller 183, it is possible for the descrambler 185 to encrypt the input signal. The head end hardware for generating the transmission signal will include a card reader such as card reader 190 of FIG. The signal is processed from a signal source such as a video camera and coupled to the high speed input of the smart card 180 in plaintext, ie uncoded form. The descrambler 185 generates an encrypted signal from the high speed output of the smart card 180 and transmits the encrypted signal to the user. Thus, service providers can benefit from the advantages of the present invention, such as improved security and easily changing access hardware and software.

Another embodiment of the present invention is directed to the embodiment of the system of FIG. 1 including a structure of a plurality of smart cards having high speed data paths connected in series. In particular, the high speed data out terminal of one card is connected to the high speed of a subsequent card. It is connected to the data in terminal. Smart cards connected in series can be advantageous in various fields. For example, a serially connected smart card may descramble the encrypted signal prior to security purposes. In a serially connected structure, each smart card can descramble a certain level of cryptography. Each smart card in the serially connected structure is configured to descramble a particular level of cryptography.

Serially connected smart cards can also be used when a user owns one or more smart cards and must sign for one or more access services. Systems that can only process data on one smart card allow the user to change the smart card manually when the user selects a paid access service. A system comprising a plurality of serially connected smart cards does not need to change the smart card manually because the signals are processed by each card in the "stack" of the serially connected cards. The card in the stack corresponding to the tuning channel descrambles the signal. Cards not associated with the tuning channel pass through the signal unchanged.

Smart cards connected in series may also be used in intra picture video (PIP) video systems. The PIP system generates a signal representing a main video picture and one or more small pictures to be inserted into the main displayed picture. Generally, the main picture displays a signal from one channel while the embedded picture includes a signal from a second channel. When two or more smart cards are connected in series, one smart card can descramble the signal for the main picture while the other smart card descrambles the signal for the embedded picture.

9 shows a switching device used in a smart card reader to provide the serially connected high speed data path. In FIG. 9, switches 1 and 2 respond to the insertion of each card 1 and 2 into the card reader. Switches 1 and 2 determine the path of the high speed data in signal and the data out signal to the descrambler of each smart card. Each switch is shown as one of two possible states A or B, depending on whether the corresponding card is inserted or not: state A if each card is not inserted, or state BST, which can go to state B if the card is inserted. It is. In state A, the switch causes the input data, ie signal (DATAIN), to be diverted to the corresponding card. In state B, the input data is connected to the insertion card.

FIG. 9 shows two cards 1 and 2 inserted, with two switches 1 and 2 in position B. FIG. As a result, high speed data is delivered from DATAIN via serial cards 1 and 2. If only one card is used, card 2 is not inserted, switch S2 is in position A, and high speed data bypasses card 2. The switching arrangement for the device of FIG. 9 is in Table 3.

TABLE 3

The operation of the high speed data signal switching device shown in FIG. 9 includes signals S1 CTRL, S2 CTRL, Card 1 Insertion and Card 2 Insertion. Switches S1 and S2 are electronic switches controlled by signals S1 CTRL and S2 CTRL, respectively. The switch control signal is generated by the control processor of either the card reader or the system (eg, the microcontroller of FIG. 1) in accordance with the signal card 1 insertion and the card 2 insertion. Signal card 1 insertion and card 2 insertion are generated by switches S3 and S4, respectively, in accordance with the insertion of the corresponding card and are coupled to respective interrupt inputs of the microcontroller 160. Before card 1 is inserted, signal S1 CTRL in a logic zero state places electronic switch S1 in position A and signal DATAIN bypasses card 1. Inserting card 1 into the card reader causes switch S3 to change from switch A (card removal) to position B (card insertion). As a result, signal card 1 insertion changes from logic 1 (+ supply voltage) to logic 0 (ground). The interrupt control routine of the microcontroller 160 detects the change of the signal card 1 insertion and changes the level of the signal S1 CTRL. The switch S1 responds by coupling the signal DATAIN to card 1 and changing it to position B. The switches S2 and S4 operate in a similar manner depending on the card 2 to be inserted.

The card reader transmits a high speed data signal through a descrambler of each card inserted into the card reader. To descramble a signal that has been encrypted more than once, each serially connected descrambler descrambles the signal using a specific key and algorithm. Due to the serial connection of each card corresponding to a particular service, each card descrambles data about the service associated with the card and passes other data unchanged. Selective descrambling at each card is accomplished by PID processing at each card. The PID register in each card is loaded with the PID value for the service corresponding to the card. Each card examines the PID data in the header of each packet in the signal. If the PID data does not match the PID data stored on the card, the data passes through the card unchanged. The packet payload is descrambled only within the card where the card PID data matches the packet PID data.

Control of a multi-card serial connection “stack” as shown in FIG. 9 is accomplished via an ISO standard serial I / O signal. In addition to the high speed data I / O signal shown in FIG. 9, the smart card interface signals "clock" "packet clock", "power" and "ground" (shown in conjunction with FIG. 4) are card readers. Each card inserted in 190 is coupled. The interface signals " serial I / O " and " letlet " are coupled to only one smart card at any particular time. The controller 160 detects whether the card has been inserted through signal card 1 insertion or card 2 insertion, controls switch S5 to combine serial I / O, and inserts the card as required to transfer data to the card. Reset the signal to. When more than one card is inserted, controller 160 communicates with a particular card by controlling switch S5 to couple serial I / O, and resets the signal only on that particular card. The high speed data flow through each card in the card's serially connected stack is not affected by the operation of switch S5.

One embodiment of the control of the card stack relates to a delay between high speed data and a packet clock signal depending on the position within the stack of a particular card. The high speed data path of the smart card represents the bit delay from data in to data out equal to the number of high speed clock cycles required for the data processing operation generated on the card. Cards that only pass data from data in to data out will produce a different bit delay than the card that descrambles the data. Serial connection of cards in a stack is a bit per packet clock that depends on the type of processing that high-speed data arriving at a particular card in the stack produces on each card in preference to that particular card, and on the number of cards in the stack prior to that particular card. Indicates a delay.

If the bit delay is not corrected, a card in the stack different from the first card will handle the inappropriate packetized data stream. For example, packet header data is extracted based on the generation of transitions in the packet clock signal. Bit delays on the packet clock will result in improper extraction of header data and incorrect processing of subsequent payload data.

Correction of the bit delay is achieved by communicating bit delay information between the security controller 183 and the controller 160 of each card in the stack. Each card returns a specific bit delay value to the controller 160 in response to a command from the controller 160. The card determines, for example, the current bit delay by referring to a lookup table in the card memory that specifies the bit delay value for each data processing mode, i. The controller 160 requires bit delay data for each card in the stack and includes the number of cards in the stack, the card position in the stack (e.g. card 2) and the bit delays for all cards in the stack in preference to the measurement card. The card is sent to each card information. The card corrects for the bit delay, for example, by using the stack bit delay information from the controller 160 to control the variable delay circuit included in the packet clock signal path in the transmission unit 478.

The device shown in FIG. 9 for reading a plurality of smart cards may be included in a television receiver. For example, FIG. 10 shows a television receiver 1000 capable of reading two smart cards simultaneously. Two cards are inserted into slots 1010 and 1020. A card reading circuit similar to the circuit shown in FIG. 9 is included in the receiver 1000 to create the two serially connected smart cards. Although the embodiment includes the video signal format shown in FIG. 3, it can be applied to other video systems of the present invention, video signal protocols such as the DSS ^™ satellite system, and high definition television (HDTV). It is already clearly known. The invention may also be applied to systems other than television systems. For example, an access control system incorporating the present invention can be used in telephony systems such as cellular and codeless telephone systems where security is a concern.

In addition, the device shown in FIG. 9 can be extended to provide more convenience than two smart cards by adding a switch and detectability (i.e. card insertion signal generation) for each additional card. In addition, the switching device of FIG. 9 can be modified to control the switches S1 and S2 directly depending on the card being inserted, rather than depending on the control of the microcontroller 160. For example, switch S3 may be mechanically or electrically coupled directly to switch S1 such that it inserts card 1 which causes switch S1 to transmit data through card 1.

Although the embodiment relates to a digital I / O signal that is defective in the smart card 180, the smart card 180 can also process analog signals. For example, smart card 180 may include an analog / digital converter (ADC) at a high speed data input, and may include a digital / analog converter at a high speed data output. The ADC and DAC may be located in IC 181 of FIG. Optionally, the IC 81 can be replaced with a "hybrid" device, ie rather than just the IC 181, the smart card 180 can be connected to all ICs 181 interconnected and mounted on a single substrate. It will include ADC and DAC circuits. For analog signal processing smart card, card reader 190 will couple the analog signal to the smart card. These and other variations are intended to be within the scope of the following claims.

1 is a block diagram of a signal processing system including a smart card according to the present invention and embodying aspects of the present invention.

FIG. 2A shows the placement of signal contacts on the surface of a smart card according to ISO standard 7816-2. FIG.

FIG. 2B designates the smart card interface signal to the signal contact shown in FIG. 2A in accordance with ISO standard 7816-2.

3 is a format diagram of data contained in a signal processed by the system of FIG.

4 is a block diagram illustrating an embodiment of a signal processing function in a smart card suitable for use in the system shown in FIG.

5 through 8 are signal diagrams showing signals through the smart card shown in FIG. 4 in various operating modes of the system shown in FIG.

9 is a diagram showing an example of the present invention including a plurality of smart cards connected in series.

FIG. 10 shows a television receiver comprising the embodiment shown in FIG.

<Explanation of symbols for the main parts of the drawings>

180: smart card

181: IC

182: ISO standard signal

187: interface

125: high speed interface signal

184: high speed interface

422: Divider

Claims (9)

(a) the card body, (b) a scrambled data component comprising at least one of audio data and video data, means for receiving a digital input stream having a control component recognized by each header portion and the scrambled data component from an external location of the card body; , (c) means for generating a key code inside the card body in accordance with the control component; (d) means for descrambling the data component inside the card body according to the key code to generate an output stream having the descrambled data component; (e) detecting said header portion of said components inside said card body and separating said input stream into said components, said control component to said generating means and said scrambled data component according to said header portion within said card body; Transmission means for routing a path to the descrambling means; (f) means for coupling said key code between said generating means and said descramble means inside said card body; (g) means for providing said output stream to a location external to said card body. 2. The apparatus of claim 1, wherein the control component is encrypted, the card body further comprises means for storing a second key code, the second key code coupled to the generating means inside the card body, Means for decrypting the cryptographic control component according to the second key code to generate a decryption control component and to generate the first key code in accordance with the decrypted control component. The card body and the cap as set forth in claim 1. And a high speed data interface for transmitting digital data between locations outside the main body. 4. The apparatus of claim 3, further comprising a frequency divider for supplying a first timing signal to the descrambling means and a second timing signal to the generating means, wherein the data rate of the first timing signal is adjusted to the second timing. A signal processing apparatus characterized by exceeding a data rate of a signal. (a) The scrambled data component in the card body comprises at least one of audio data and video data, and receives a digital input stream having the control component and the scrambled data component recognized by each header portion from an external position of the card body. To do that, (b) generating a key code inside the card body according to the control component; (c) descrambling the data component inside the card body according to the key code to generate an output stream having the descrambled data component; (d) detecting said header portion of said components inside said card body, separating said input stream into said components, said control component into said generating means and said scrambled data component into said descrambling means according to said header portion; Processing the input stream by routing; (e) coupling said key code between said generating means and said descramble means inside said card body; (f) providing the output stream to a location external to the card body. The method of claim 5 wherein the control component is encrypted, Decrypting the control component in accordance with a second key code stored inside the card body to generate a decryption control component and generating the first key code in accordance with the decryption control component. Signal processing method characterized in that. (a) the scrambled data component comprises at least one of audio data and video data, and a signal processing channel for processing a digital input stream having the control component and the scrambled data component recognized by each header portion; (b) means for coupling said input stream to a detachable card assembly; (c) means for receiving from said card assembly a processing input stream comprising said descrambled data component; (d) means for processing said descrambled data component to produce an output stream, The card assembly generates a key code according to the control component, descrambles the scrambled data component according to the key code to generate the descrambled data component, detects the header portion of the components, and decodes the input stream. Processing the input stream by separating the components and routing the control component to the generating means and the scrambled data component to the scrambling means, and between the generating means and the descrambling means inside the card body; And the key code is combined. 8. The signal processing apparatus according to claim 7, wherein the key code is coupled between the generating means and the descrambling means inside the card body. (a) a scrambled data component comprising at least one of audio data and video data, receiving a control component recognized by each header portion and a digital input stream having said scrambled data component; (b) coupling the input stream to a detachable card assembly having access control processing means; (c) receiving from the card assembly a processing input stream having a control component and a descramble data component; (d) processing the descrambled data component to produce an output stream, The access control processing means generates a key code in accordance with the control component, descrambles the scrambled data component in accordance with the key code to generate the descrambled data component, detects the header portion of the components and inputs the input. Process the input stream by separating a stream into the components and routing the control component to the generating means and the scrambled data component to the scrambling means, and within the card body the generating means and the descrambling means. And combining the key codes therebetween.